On 4/27/23 6:08 PM, Martin KaFai Lau wrote:
diff --git a/tools/lib/bpf/btf_dump.c b/tools/lib/bpf/btf_dump.c
index 580985ee5545..8f659ec8798d 100644
--- a/tools/lib/bpf/btf_dump.c
+++ b/tools/lib/bpf/btf_dump.c
@@ -2250,9 +2250,19 @@ static int btf_dump_type_data_check_overflow(struct btf_dump *d,
 const struct btf_type *t,
 __u32 id,
 const void *data,
- __u8 bits_offset)
+ __u8 bits_offset,
+ __u8 bit_sz)
 {
- __s64 size = btf__resolve_size(d->btf, id);
+ __s64 size;
+
+ if (bit_sz) {
+ /* bits_offset is at most 7. bit_sz is at most 128. */
+ __u8 nr_bytes = (bits_offset + bit_sz + 7) / 8;
+
+ return data + nr_bytes > d->typed_dump->data_end ? -E2BIG : 0;
Hmm... returning 0 here is not quite correct. nr_bytes should be returned instead, although nobody seems to be using the value. Will post v2.
+ }
+
+ size = btf__resolve_size(d->btf, id);